What is BFD (Brute Force Detection)? BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: the fact that there are few to no authentication and brute force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.
BFD is available at: http://www.rfxnetworks.com/bfd.php
How-To: http://www.webhostgear.com/60.html
This may seem like a daft question, but is this compatible with ISPConfig? I am very new, embarrassingly so, to Linux and servers and do not want to destroy my current setup, but this sounds like a very good idea security-wise. Ben
I don't see why it shouldn't be compatible with ISPConfig. As far as I understand, it's just a shell script that parses log files for attempted attacks.
APF and BFD (BFD needs APF to work) run completely independently from ISPConfig. You may install it without worrying about breaking ISPC. You just have to turn off the firewall option in the ISPC Control Panel before installing APF and BFD. Please do read the man pages and look at the example config files so that you don't lock yourself out.
One more question: I started using apf with the ad and bfd modules, yet I still see entries like these in my logfiles: Shouldn't bfd take care of these, or am I wrong?
I don't know BFD, but maybe this is interesting for you: http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
As I have understood it, bfd (= brute force detection) should take care of brute force attacks against any port and any service... For ssh attacks I already run fail2ban, which takes care of those, at least it should. I was just wondering why I see no action from bfd...
I run the shorewall firewall with a rule like
ACCEPT net $FW tcp 22 - - 1/min:2
Means, one can log in only twice in one min. That seems to work; they go away. bob
It does, but only if you have APF running. If you have APF running in DEVEL mode it will flush rules every 5 mins, so it isn't of much use this way.